1 | /* taint.c |
---|
2 | * |
---|
3 | * Copyright (C) 1993, 1994, 1995, 1996, 1997, 1998, 1999, |
---|
4 | * 2000, 2001, 2002, by Larry Wall and others |
---|
5 | * |
---|
6 | * You may distribute under the terms of either the GNU General Public |
---|
7 | * License or the Artistic License, as specified in the README file. |
---|
8 | * |
---|
9 | */ |
---|
10 | |
---|
11 | /* |
---|
12 | * "...we will have peace, when you and all your works have perished--and |
---|
13 | * the works of your dark master to whom you would deliver us. You are a |
---|
14 | * liar, Saruman, and a corrupter of men's hearts." --Theoden |
---|
15 | */ |
---|
16 | |
---|
17 | #include "EXTERN.h" |
---|
18 | #define PERL_IN_TAINT_C |
---|
19 | #include "perl.h" |
---|
20 | |
---|
21 | void |
---|
22 | Perl_taint_proper(pTHX_ const char *f, const char *s) |
---|
23 | { |
---|
24 | char *ug; |
---|
25 | |
---|
26 | #if defined(HAS_SETEUID) && defined(DEBUGGING) |
---|
27 | # if Uid_t_size == 1 |
---|
28 | { |
---|
29 | UV uid = PL_uid; |
---|
30 | UV euid = PL_euid; |
---|
31 | |
---|
32 | DEBUG_u(PerlIO_printf(Perl_debug_log, |
---|
33 | "%s %d %"UVuf" %"UVuf"\n", |
---|
34 | s, PL_tainted, uid, euid)); |
---|
35 | } |
---|
36 | # else |
---|
37 | { |
---|
38 | IV uid = PL_uid; |
---|
39 | IV euid = PL_euid; |
---|
40 | |
---|
41 | DEBUG_u(PerlIO_printf(Perl_debug_log, |
---|
42 | "%s %d %"IVdf" %"IVdf"\n", |
---|
43 | s, PL_tainted, uid, euid)); |
---|
44 | } |
---|
45 | # endif |
---|
46 | #endif |
---|
47 | |
---|
48 | if (PL_tainted) { |
---|
49 | if (!f) |
---|
50 | f = PL_no_security; |
---|
51 | if (PL_euid != PL_uid) |
---|
52 | ug = " while running setuid"; |
---|
53 | else if (PL_egid != PL_gid) |
---|
54 | ug = " while running setgid"; |
---|
55 | else if (PL_taint_warn) |
---|
56 | ug = " while running with -t switch"; |
---|
57 | else |
---|
58 | ug = " while running with -T switch"; |
---|
59 | if (PL_unsafe || PL_taint_warn) { |
---|
60 | if(ckWARN(WARN_TAINT)) |
---|
61 | Perl_warner(aTHX_ packWARN(WARN_TAINT), f, s, ug); |
---|
62 | } |
---|
63 | else { |
---|
64 | Perl_croak(aTHX_ f, s, ug); |
---|
65 | } |
---|
66 | } |
---|
67 | } |
---|
68 | |
---|
69 | void |
---|
70 | Perl_taint_env(pTHX) |
---|
71 | { |
---|
72 | SV** svp; |
---|
73 | MAGIC* mg; |
---|
74 | char** e; |
---|
75 | static char* misc_env[] = { |
---|
76 | "IFS", /* most shells' inter-field separators */ |
---|
77 | "CDPATH", /* ksh dain bramage #1 */ |
---|
78 | "ENV", /* ksh dain bramage #2 */ |
---|
79 | "BASH_ENV", /* bash dain bramage -- I guess it's contagious */ |
---|
80 | NULL |
---|
81 | }; |
---|
82 | |
---|
83 | if (!PL_envgv) |
---|
84 | return; |
---|
85 | |
---|
86 | #ifdef VMS |
---|
87 | { |
---|
88 | int i = 0; |
---|
89 | char name[10 + TYPE_DIGITS(int)] = "DCL$PATH"; |
---|
90 | |
---|
91 | while (1) { |
---|
92 | if (i) |
---|
93 | (void)sprintf(name,"DCL$PATH;%d", i); |
---|
94 | svp = hv_fetch(GvHVn(PL_envgv), name, strlen(name), FALSE); |
---|
95 | if (!svp || *svp == &PL_sv_undef) |
---|
96 | break; |
---|
97 | if (SvTAINTED(*svp)) { |
---|
98 | TAINT; |
---|
99 | taint_proper("Insecure %s%s", "$ENV{DCL$PATH}"); |
---|
100 | } |
---|
101 | if ((mg = mg_find(*svp, PERL_MAGIC_envelem)) && MgTAINTEDDIR(mg)) { |
---|
102 | TAINT; |
---|
103 | taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}"); |
---|
104 | } |
---|
105 | i++; |
---|
106 | } |
---|
107 | } |
---|
108 | #endif /* VMS */ |
---|
109 | |
---|
110 | svp = hv_fetch(GvHVn(PL_envgv),"PATH",4,FALSE); |
---|
111 | if (svp && *svp) { |
---|
112 | if (SvTAINTED(*svp)) { |
---|
113 | TAINT; |
---|
114 | taint_proper("Insecure %s%s", "$ENV{PATH}"); |
---|
115 | } |
---|
116 | if ((mg = mg_find(*svp, PERL_MAGIC_envelem)) && MgTAINTEDDIR(mg)) { |
---|
117 | TAINT; |
---|
118 | taint_proper("Insecure directory in %s%s", "$ENV{PATH}"); |
---|
119 | } |
---|
120 | } |
---|
121 | |
---|
122 | #ifndef VMS |
---|
123 | /* tainted $TERM is okay if it contains no metachars */ |
---|
124 | svp = hv_fetch(GvHVn(PL_envgv),"TERM",4,FALSE); |
---|
125 | if (svp && *svp && SvTAINTED(*svp)) { |
---|
126 | STRLEN n_a; |
---|
127 | bool was_tainted = PL_tainted; |
---|
128 | char *t = SvPV(*svp, n_a); |
---|
129 | char *e = t + n_a; |
---|
130 | PL_tainted = was_tainted; |
---|
131 | if (t < e && isALNUM(*t)) |
---|
132 | t++; |
---|
133 | while (t < e && (isALNUM(*t) || strchr("-_.+", *t))) |
---|
134 | t++; |
---|
135 | if (t < e) { |
---|
136 | TAINT; |
---|
137 | taint_proper("Insecure $ENV{%s}%s", "TERM"); |
---|
138 | } |
---|
139 | } |
---|
140 | #endif /* !VMS */ |
---|
141 | |
---|
142 | for (e = misc_env; *e; e++) { |
---|
143 | svp = hv_fetch(GvHVn(PL_envgv), *e, strlen(*e), FALSE); |
---|
144 | if (svp && *svp != &PL_sv_undef && SvTAINTED(*svp)) { |
---|
145 | TAINT; |
---|
146 | taint_proper("Insecure $ENV{%s}%s", *e); |
---|
147 | } |
---|
148 | } |
---|
149 | } |
---|